Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-12-31 02:49:45 -06:00
Code Activity

Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.

Browse Source
This commit is contained in:
Mounir IDRASSI
2022-03-07 00:45:30 +01:00
parent 2dee49d3c8
commit 36795a688f
50 changed files with 481 additions and 1943 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/Crypto/Crypto.vcxproj
View File

@@ -197,16 +197,6 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win32 -Ox --prefix _ -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
@@ -214,12 +204,15 @@
<ItemGroup>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
<ClCompile Include="blake2s.c" />
<ClCompile Include="blake2s_SSE2.c" />
<ClCompile Include="blake2s_SSE41.c" />
<ClCompile Include="blake2s_SSSE3.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
<ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@@ -227,7 +220,6 @@
<ClCompile Include="kuznyechik.c" />
<ClCompile Include="kuznyechik_simd.c" />
<ClCompile Include="rdrand.c" />
<ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@@ -243,6 +235,9 @@
<ClInclude Include="Aes_hw_cpu.h" />
<ClInclude Include="Aesopt.h" />
<ClInclude Include="Aestab.h" />
<ClInclude Include="blake2s-load-sse2.h" />
<ClInclude Include="blake2s-load-sse41.h" />
<ClInclude Include="blake2s-round.h" />
<ClInclude Include="Camellia.h" />
<ClInclude Include="chacha256.h" />
<ClInclude Include="chachaRng.h" />
@@ -250,13 +245,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
<ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
<ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />

36
src/Crypto/Crypto.vcxproj.filters
View File

@@ -24,9 +24,6 @@
<ClCompile Include="cpu.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Rmd160.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Sha2.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -36,9 +33,6 @@
<ClCompile Include="Whirlpool.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="GostCipher.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kuznyechik.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -81,6 +75,18 @@
<ClCompile Include="t1ha2_selfcheck.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSE2.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSE41.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSSE3.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Aes.h">
@@ -107,9 +113,6 @@
<ClInclude Include="misc.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Rmd160.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Sha2.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -119,9 +122,6 @@
<ClInclude Include="Whirlpool.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="GostCipher.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="kuznyechik.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -164,6 +164,15 @@
<ClInclude Include="t1ha_selfcheck.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-load-sse2.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-load-sse41.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-round.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="Aes_hw_cpu.asm">
@@ -175,9 +184,6 @@
<CustomBuild Include="Aes_x86.asm">
<Filter>Source Files</Filter>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<Filter>Source Files</Filter>
</CustomBuild>
<CustomBuild Include="Twofish_x64.S">
<Filter>Source Files</Filter>
</CustomBuild>

23
src/Crypto/Crypto_vs2019.vcxproj
View File

@@ -297,24 +297,6 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
</CustomBuild>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Aescrypt.c">
@@ -325,12 +307,12 @@
</ClCompile>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
<ClCompile Include="blake2s.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
<ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@@ -345,7 +327,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@@ -368,13 +349,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
<ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
<ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />

265
src/Crypto/GostCipher.c
View File

@@ -1,265 +0,0 @@
/** @file
GOST89 implementation
Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the Apache License, Version 2.0.
The full text of the license may be found at
https://opensource.org/licenses/Apache-2.0
Dynamic SBOX idea is from GostCrypt project. Copyright (c) 2008-2011 TrueCrypt Developers Association
**/
#include "GostCipher.h"
#include "Streebog.h"
#include "cpu.h"
#if defined(CIPHER_GOST89)
// Crypto Pro
byte S_CryptoPro[8][16] = {
{0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
{0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
{0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
{0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
{0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
{0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
{0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
{0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
};
// TC26
byte S_TC26[8][16] =
{
{ 0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, 0x1 },
{ 0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, 0xf },
{ 0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, 0x0 },
{ 0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, 0xb },
{ 0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, 0xc },
{ 0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, 0x0 },
{ 0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, 0x7 },
{ 0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, 0x2 },
};
void gost_prepare_kds(gost_kds* kds) {
uint32 i;
// Build substitution tables.
for (i = 0; i < 256; ++i) {
uint32 p;
p = kds->sbox[7][i >> 4] << 4 | kds->sbox[6][i & 15];
p = p << 24; p = p << 11 | p >> 21;
kds->sbox_cvt[i] = p; // S87
p = kds->sbox[5][i >> 4] << 4 | kds->sbox[4][i & 15];
p = p << 16; p = p << 11 | p >> 21;
kds->sbox_cvt[256 + i] = p; // S65
p = kds->sbox[3][i >> 4] << 4 | kds->sbox[2][i & 15];
p = p << 8; p = p << 11 | p >> 21;
kds->sbox_cvt[256 * 2 + i] = p; // S43
p = kds->sbox[1][i >> 4] << 4 | kds->sbox[0][i & 15];
p = p << 11 | p >> 21;
kds->sbox_cvt[256 * 3 + i] = p; // S21
}
}
static void xor_s_box(byte s_box[8][16], byte *seed)
{
int i;
for (i = 0; i < 16; i++)
{
s_box[0][i] ^= (seed[ (i * 4) + 0 ] ) & 0xF;
s_box[1][i] ^= (seed[ (i * 4) + 0 ]>>4) & 0xF;
s_box[2][i] ^= (seed[ (i * 4) + 1 ] ) & 0xF;
s_box[3][i] ^= (seed[ (i * 4) + 1 ]>>4) & 0xF;
s_box[4][i] ^= (seed[ (i * 4) + 2 ] ) & 0xF;
s_box[5][i] ^= (seed[ (i * 4) + 2 ]>>4) & 0xF;
s_box[6][i] ^= (seed[ (i * 4) + 3 ] ) & 0xF;
s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF;
}
}
void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox)
{
memcpy(ks->key, key, GOST_KEYSIZE);
memcpy(ks->sbox, S_TC26, sizeof(ks->sbox));
if (useDynamicSbox)
{
STREEBOG_CTX sctx;
byte sbox_seed[64];
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
if (HasSSE2() || HasSSE41())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
//Generate pseudorandom data based on the key
STREEBOG_init(&sctx);
STREEBOG_add(&sctx, ks->key, 32);
STREEBOG_finalize(&sctx, sbox_seed);
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
if (NT_SUCCESS (saveStatus))
KeRestoreFloatingPointState (&floatingPointState);
#endif
xor_s_box(ks->sbox, sbox_seed);
}
gost_prepare_kds(ks);
}
static uint32 f(uint32 v, uint32* sbox){
byte* x =(byte*) &v;
/* Do substitutions */
return sbox[x[3]] | sbox[256 + x[2]] | sbox[256*2 + x[1]] | sbox[256*3 + x[0]];
}
void gost_encrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
uint32* in = (uint32*)&in_;
uint32* out = (uint32*)out_;
uint32* key = (uint32*)kds->key;
uint32* sbox = kds->sbox_cvt;
// As named in the GOST
uint32 n1 = in[0];
uint32 n2 = in[1];
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
// There is no swap after the last round
out[0] = n2;
out[1] = n1;
}
void gost_decrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
uint32* in = (uint32*)&in_;
uint32* out = (uint32*)out_;
uint32* key = (uint32*)kds->key;
uint32* sbox = kds->sbox_cvt;
// As named in the GOST
uint32 n1 = in[0];
uint32 n2 = in[1];
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
out[0] = n2;
out[1] = n1;
}
#if defined(_M_AMD64)
void gost_encrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
void gost_decrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
#endif
void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count) {
#if defined(_M_AMD64)
gost_encrypt_128_CBC_asm(in, out, ks, (uint64)count);
#else
while (count > 0) {
// encrypt two blocks in CBC mode
gost_encrypt_block(*((uint64*)in), (uint64*)out, ks);
*((gst_udword*)(out + 8)) = *((gst_udword*)(in + 8)) ^ *((gst_udword*)(out));
*((gst_udword*)(out + 12)) = *((gst_udword*)(in + 12)) ^ *((gst_udword*)(out + 4));
gost_encrypt_block(*((uint64*)(out + 8)), (uint64*)(out + 8), ks);
count--;
in += 16;
out += 16;
}
#endif
}
void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count) {
#if defined(_M_AMD64)
gost_decrypt_128_CBC_asm(in, out, ks, (uint64)count);
#else
while (count > 0) {
// decrypt two blocks in CBC mode
gost_decrypt_block(*((uint64*)(in + 8)), (uint64*)(out + 8), ks);
*((gst_udword*)(out + 8)) ^= *((gst_udword*)(in));;
*((gst_udword*)(out + 12)) ^= *((gst_udword*)(in + 4));;
gost_decrypt_block(*((uint64*)(in)), (uint64*)(out), ks);
count--;
in += 16;
out += 16;
}
#endif
}
#endif

68
src/Crypto/GostCipher.h
View File

@@ -1,68 +0,0 @@
/*
Copyright (c) 2008-2011 TrueCrypt Developers Association. All rights reserved.
Governed by the TrueCrypt License 3.0 the full text of which is contained in
the file License.txt included in TrueCrypt binary and source code distribution
packages.
*/
#ifndef GOST_CIPHER_H
#define GOST_CIPHER_H
#include "Common/Tcdefs.h"
#include "config.h"
#include "misc.h"
#ifdef __cplusplus
extern "C" {
#endif
//In unsigned chars
#define GOST_KEYSIZE 32
#define GOST_BLOCKSIZE 8
#define GOST_SBOX_SIZE 16
//Production setting, but can be turned off to compare the algorithm with other implementations
#define CIPHER_GOST89
#define GOST_DYNAMIC_SBOXES
#if defined(CIPHER_GOST89)
#ifdef GST_WINDOWS_BOOT
typedef int gst_word;
typedef long gst_dword;
typedef unsigned int gst_uword;
typedef unsigned long gst_udword;
#else
typedef short gst_word;
typedef int gst_dword;
typedef unsigned short gst_uword;
typedef unsigned int gst_udword;
#endif
typedef struct gost_kds
{
CRYPTOPP_ALIGN_DATA(16) byte key[32];
gst_udword sbox_cvt[256 * 4];
byte sbox[8][16];
} gost_kds;
#define GOST_KS (sizeof(gost_kds))
void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count);
void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count);
void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox);
#else
#define GOST_KS (0)
#endif
#ifdef __cplusplus
}
#endif
#endif

3
src/Crypto/Makefile.inc
View File

@@ -16,9 +16,6 @@ VC_MLEXE = ml64.exe
TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj": gost89_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).lst" gost89_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)

500
src/Crypto/Rmd160.c
View File

@@ -1,500 +0,0 @@
// RIPEMD-160 written and placed in the public domain by Wei Dai
/*
* This code implements the MD4 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*/
/* Adapted for TrueCrypt */
/* Adapted for VeraCrypt */
#if !defined(_UEFI)
#include <memory.h>
#endif // !defined(_UEFI)
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Rmd160.h"
#define F(x, y, z) (x ^ y ^ z)
#define G(x, y, z) (z ^ (x & (y^z)))
#define H(x, y, z) (z ^ (x | ~y))
#define I(x, y, z) (y ^ (z & (x^y)))
#define J(x, y, z) (x ^ (y | ~z))
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (byte) ((value) >> 56); \
(cp)[6] = (byte) ((value) >> 48); \
(cp)[5] = (byte) ((value) >> 40); \
(cp)[4] = (byte) ((value) >> 32); \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#ifndef TC_MINIMIZE_CODE_SIZE
static byte PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
#else
static byte PADDING[64];
#endif
void RMD160Init (RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xefcdab89;
ctx->state[2] = 0x98badcfe;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xc3d2e1f0;
PADDING[0] = 0x80;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg)
{
#ifndef TC_WINDOWS_BOOT
uint64 len = lenArg;
#else
uint32 len = lenArg;
#endif
unsigned int have, need;
/* Check how many bytes we already have and how many more we need. */
have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
need = RIPEMD160_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += len;
if (len >= need) {
if (have != 0) {
memcpy (ctx->buffer + have, input, (size_t) need);
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */
while (len >= RIPEMD160_BLOCK_LENGTH) {
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input);
input += RIPEMD160_BLOCK_LENGTH;
len -= RIPEMD160_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
memcpy (ctx->buffer + have, input, (size_t) len);
}
/*
* Pad pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
static void RMD160Pad(RMD160_CTX *ctx)
{
byte count[8];
uint32 padlen;
/* Convert count to 8 bytes in little endian order. */
#ifndef TC_WINDOWS_BOOT
uint64 bitcount = ctx->count << 3;
PUT_64BIT_LE(count, bitcount);
#else
*(uint32 *) (count + 4) = 0;
*(uint32 *) (count + 0) = ctx->count << 3;
#endif
/* Pad out to 56 mod 64. */
padlen = RIPEMD160_BLOCK_LENGTH -
(uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
padlen += RIPEMD160_BLOCK_LENGTH;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, count, 8);
}
/*
* Final wrapup--call RMD160Pad, fill in digest and zero out ctx.
*/
void RMD160Final(unsigned char *digest, RMD160_CTX *ctx)
{
int i;
RMD160Pad(ctx);
if (digest) {
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
#ifndef TC_WINDOWS_BOOT
burn (ctx, sizeof(*ctx));
#endif
}
}
#ifndef TC_MINIMIZE_CODE_SIZE
#define word32 unsigned __int32
#define k0 0
#define k1 0x5a827999UL
#define k2 0x6ed9eba1UL
#define k3 0x8f1bbcdcUL
#define k4 0xa953fd4eUL
#define k5 0x50a28be6UL
#define k6 0x5c4dd124UL
#define k7 0x6d703ef3UL
#define k8 0x7a6d76e9UL
#define k9 0
static word32 rotlFixed (word32 x, unsigned int y)
{
return (word32)((x<<y) | (x>>(sizeof(word32)*8-y)));
}
#define Subround(f, a, b, c, d, e, x, s, k) \
a += f(b, c, d) + x + k;\
a = rotlFixed((word32)a, s) + e;\
c = rotlFixed((word32)c, 10U)
void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data)
{
#if BYTE_ORDER == LITTLE_ENDIAN
const word32 *X = data;
#else
word32 X[16];
int i;
#endif
word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
a1 = a2 = digest[0];
b1 = b2 = digest[1];
c1 = c2 = digest[2];
d1 = d2 = digest[3];
e1 = e2 = digest[4];
#if BYTE_ORDER == BIG_ENDIAN
for (i = 0; i < 16; i++)
{
X[i] = LE32 (data[i]);
}
#endif
Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
c1 = digest[1] + c1 + d2;
digest[1] = digest[2] + d1 + e2;
digest[2] = digest[3] + e1 + a2;
digest[3] = digest[4] + a1 + b2;
digest[4] = digest[0] + b1 + c2;
digest[0] = c1;
}
#else // TC_MINIMIZE_CODE_SIZE
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic (_lrotl)
static const byte OrderTab[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
};
static const byte RolTab[] = {
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
};
static const uint32 KTab[] = {
0x00000000UL,
0x5A827999UL,
0x6ED9EBA1UL,
0x8F1BBCDCUL,
0xA953FD4EUL,
0x50A28BE6UL,
0x5C4DD124UL,
0x6D703EF3UL,
0x7A6D76E9UL,
0x00000000UL
};
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data)
{
uint32 a, b, c, d, e;
uint32 a2, b2, c2, d2, e2;
byte pos;
uint32 tmp;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
for (pos = 0; pos < 160; ++pos)
{
tmp = a + data[OrderTab[pos]] + KTab[pos >> 4];
switch (pos >> 4)
{
case 0: case 9: tmp += F (b, c, d); break;
case 1: case 8: tmp += G (b, c, d); break;
case 2: case 7: tmp += H (b, c, d); break;
case 3: case 6: tmp += I (b, c, d); break;
case 4: case 5: tmp += J (b, c, d); break;
}
tmp = _lrotl (tmp, RolTab[pos]) + e;
a = e;
e = d;
d = _lrotl (c, 10);
c = b;
b = tmp;
if (pos == 79)
{
a2 = a;
b2 = b;
c2 = c;
d2 = d;
e2 = e;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
}
}
tmp = state[1] + c2 + d;
state[1] = state[2] + d2 + e;
state[2] = state[3] + e2 + a;
state[3] = state[4] + a2 + b;
state[4] = state[0] + b2 + c;
state[0] = tmp;
}
#endif // TC_MINIMIZE_CODE_SIZE

33
src/Crypto/Rmd160.h
View File

@@ -1,33 +0,0 @@
#ifndef TC_HEADER_Crypto_Ripemd160
#define TC_HEADER_Crypto_Ripemd160
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define RIPEMD160_BLOCK_LENGTH 64
typedef struct RMD160Context
{
unsigned __int32 state[5];
#ifndef TC_WINDOWS_BOOT
uint64 count;
#else
uint32 count;
#endif
unsigned char buffer[RIPEMD160_BLOCK_LENGTH];
} RMD160_CTX;
void RMD160Init (RMD160_CTX *ctx);
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data);
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len);
void RMD160Final (unsigned char *digest, RMD160_CTX *ctx);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Ripemd160

8
src/Crypto/Sources
View File

@@ -7,7 +7,6 @@ NTTARGETFILES = \
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj" \
"$(OBJ_PATH)\$(O)\rdrand_ml.obj" \
"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Twofish_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_aesni_$(TC_ARCH).obj" \
@@ -22,19 +21,21 @@ NTTARGETFILES = \
SOURCES = \
Aes_$(TC_ARCH).asm \
gost89_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
rdrand_ml.asm \
rdseed_ml.asm \
Aeskey.c \
Aestab.c \
blake2s.c \
blake2s_SSE2.c \
blake2s_SSE41.c \
blake2s_SSSE3.c \
chacha-xmm.c \
chacha256.c \
chachaRng.c \
cpu.c \
jitterentropy-base.c \
rdrand.c \
Rmd160.c \
SerpentFast.c \
SerpentFast_simd.cpp \
Sha2.c \
@@ -43,7 +44,6 @@ SOURCES = \
t1ha2_selfcheck.c \
Twofish.c \
Twofish_$(TC_ARCH).S \
GostCipher.c \
Streebog.c \
kuznyechik.c \
kuznyechik_simd.c \

6
src/Crypto/config.h
View File

@@ -128,6 +128,12 @@
#define CRYPTOPP_SSSE3_AVAILABLE 0
# endif
#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64)
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0
#endif
#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
#else

11
src/Crypto/cpu.h
View File

@@ -134,6 +134,11 @@ extern __m128i _mm_slli_epi16(__m128i _A, int _Count);
extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8);
extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0);
extern __m128i _mm_set1_epi64x (__int64 a);
extern __m128i _mm_castps_si128(__m128);
extern __m128 _mm_castsi128_ps(__m128i);
extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8);
extern __m128i _mm_srli_si128(__m128i _A, int _Imm);
extern __m128i _mm_slli_si128(__m128i _A, int _Imm);
#define _mm_xor_si64 _m_pxor
#define _mm_empty _m_empty
#define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \
@@ -148,12 +153,12 @@ extern __m128i _mm_set1_epi64x (__int64 a);
#endif
#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
extern __m128i _mm_alignr_epi8 (__m128i a, __m128i b, int n);
#if defined(__cplusplus)
}
#endif
@@ -162,13 +167,14 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#endif
#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern int _mm_extract_epi32(__m128i src, const int ndx);
extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx);
extern __m128i _mm_blend_epi16 (__m128i v1, __m128i v2, const int mask);
#if defined(_M_X64)
extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx);
#endif
@@ -200,7 +206,6 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
#include <wmmintrin.h>
#endif
#endif
#endif
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64

483
src/Crypto/gost89_x64.asm
View File

@@ -1,483 +0,0 @@
;
; GOST89 implementation x64
;
; Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
;
; This program and the accompanying materials
; are licensed and made available under the terms and conditions
; of the Apache License, Version 2.0.
;
; The full text of the license may be found at
; https://opensource.org/licenses/Apache-2.0
;
; Some ideas from article https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/
;
[section .bss align=16]
;///////////////////////////////////////////////////////////////////
;// Win64 registers to save
;///////////////////////////////////////////////////////////////////
%macro SaveRegs 0
sub rsp,8*8+10*16
mov [rsp], rbx
mov [rsp+8], rbp
mov [rsp+8*2], rdi
mov [rsp+8*3], rsi
mov [rsp+8*4], r12
mov [rsp+8*5], r13
mov [rsp+8*6], r14
mov [rsp+8*7], r15
%endmacro
%macro RestoreRegs 0
mov rbx, [rsp]
mov rbp, [rsp+8]
mov rdi, [rsp+8*2]
mov rsi, [rsp+8*3]
mov r12, [rsp+8*4]
mov r13, [rsp+8*5]
mov r14, [rsp+8*6]
mov r15, [rsp+8*7]
add rsp,8*8+10*16
%endmacro
[section .text align=16]
;///////////////////////////////////////////////////////////////////
;// Crypting 2 blocks
;///////////////////////////////////////////////////////////////////
%macro gost_round2 2 ; 1 - pos1, 2 - pos2
; 1st
; 1-2 byte
add ecx, r13d ; add key
movzx edi, cl
movzx esi, ch
xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr ecx, 16
; 3-4 áàéò
movzx edi, cl
xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, ch
xor r14d, dword [r8 + 32 + rsi*4]
mov edx, [r8 + %1*4] ; read key for second step
; 2nd
; 1-2 byte
add eax, r10d ; read key
movzx r15d, al
movzx ebp, ah
xor r11d, dword [r8 + 32 + 256*3*4 + r15*4]
xor r11d, dword [r8 + 32 + 256*2*4 + rbp*4]
shr eax, 16
; 3-4 áàéò
movzx r15d, al
xor r11d, dword [r8 + 32 + 256*4 + r15*4]
movzx ebp, ah
xor r11d, dword [r8 + 32 + rbp*4]
mov ebx, [r8 + %1*4] ; read key for second step
; second step
; 1st
; 1-2 byte
add edx, r14d ; add key
movzx edi, dl
movzx esi, dh
xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr edx, 16
; 3-4 áàéò
movzx edi, dl
xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, dh
xor r13d, dword [r8 + 32 + rsi*4]
mov ecx, [r8 + %2*4] ; read key
; 2nd
; 1-2 byte
add ebx, r11d; ; add key
movzx r15d, bl;
movzx ebp, bh;
xor r10d, dword [r8 + 32 + 256*3*4 + r15*4]
xor r10d, dword [r8 + 32 + 256*2*4 + rbp*4]
shr ebx, 16
; 3-4 áàéò
movzx r15d, bl
xor r10d, dword [r8 + 32 + 256*4 + r15*4]
movzx ebp, bh
xor r10d, dword [r8 + 32 + rbp*4]
mov eax, [r8 + %2*4] ; read key
%endmacro
; input: r8 - &key, rcx - &IN
; returns: (r13) & (r10)
GostEncrypt2x64:
; 1st
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
; 2nd
mov r10d, [rcx + 16]
mov r11, [rcx + 16]
shr r11, 32
mov ecx, [r8]
mov eax, ecx
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 0
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 0
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 0
shl r13, 32 ; combine
or r13, r14
shl r10, 32 ; combine
or r10, r11
ret
; input: r8 - &key, rcx - &IN
; returns: (r13) & (r10)
GostDecrypt2x64:
; 1st
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
; 2nd
mov r10d, [rcx + 16]
mov r11, [rcx + 16]
shr r11, 32
mov ecx, [r8]
mov eax, ecx
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 0
shl r13, 32 ; combine
or r13, r14
shl r10, 32 ; combine
or r10, r11
ret
;///////////////////////////////////////////////////////////////////
;// Crypting 1 block
;///////////////////////////////////////////////////////////////////
%macro gost_round1 2 ; 1 - pos1, 2 - pos2
; 1-2 byte
add ecx, r13d ; add key
movzx edi, cl
movzx esi, ch
xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr ecx, 16
; 3-4 áàéò
movzx edi, cl
xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, ch
xor r14d, dword [r8 + 32 + rsi*4]
mov edx, [r8 + %1*4] ; read key for second step
; second step
; 1-2 byte
add edx, r14d ; add key
movzx edi, dl
movzx esi, dh
xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr edx, 16
; 3-4 áàéò
movzx edi, dl
xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, dh
xor r13d, dword [r8 + 32 + rsi*4]
mov ecx, [r8 + %2*4] ; read key
%endmacro
; input: r8 - &gost_kds rcx - &IN
; returns: r13
GostEncrypt1x64:
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
mov ecx, [r8]
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 0
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 0
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 0
shl r13, 32 ; combine
or r13, r14
ret
; input: r8 - &gost_kds rcx - IN
; returns: r13
GostDecrypt1x64:
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
mov ecx, [r8]
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 0
shl r13, 32 ; combine
or r13, r14
ret
global gost_encrypt_128_CBC_asm ; gost_encrypt_128_CBC_asm(uint64* in, uint64* out, gost_kds* kds, uint64 count);
; rcx - &in
; rdx - &out
; r8 - &gost_kds
; r9 - count
gost_encrypt_128_CBC_asm:
SaveRegs ; Saving
sub rsp, 32
mov [rsp], rdx ; Save out addr
mov [rsp + 8], rcx ; Save in addr
mov [rsp + 16], r8 ; key addr
.do:
mov [rsp + 24], r9 ; Save count
cmp r9, 2
jge .blk2
cmp r9, 1
jge .blk1
jmp .end
; One 128 block encryption
.blk1:
mov rcx, [rsp + 8] ; set in addr
call GostEncrypt1x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; restore in
mov [rdx], r13
mov rax, [rcx + 8]
xor rax, r13 ; CBC
add rdx, 8 ;next 8 bytes
mov [rdx], rax
mov rcx, rdx
call GostEncrypt1x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx + 8], r13
add rdx,16
mov [rsp], rdx
add rcx, 16
mov [rsp+8], rcx
mov r9, [rsp + 24]
dec r9
jmp .do
.blk2:
mov rcx, [rsp + 8] ; set in addr
call GostEncrypt2x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; restore in
mov [rdx], r13
mov rax, [rcx + 8]
xor rax, r13 ; CBC
mov [rdx + 16], r10
mov rbx, [rcx + 24]
xor rbx, r10 ; CBC
mov [rdx + 8], rax
mov [rdx + 24], rbx
add rdx, 8 ;next 8 bytes
mov rcx, rdx
call GostEncrypt2x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx + 8], r13
mov [rdx + 24], r10
add rdx,32
mov [rsp], rdx
add rcx, 32
mov [rsp+8], rcx
mov r9, [rsp + 24]
sub r9, 2
jmp .do
.end:
add rsp, 32 ; Load out addr
RestoreRegs ; Load
ret
global gost_decrypt_128_CBC_asm ; gost_decrypt_128_CBC_asm(uint64* in, uint64* out, const gost_kds* kds, uint64 count);
; rcx - &in
; rdx - &out
; r8 - &gost_kds
; r9 - count
gost_decrypt_128_CBC_asm:
SaveRegs ; Saving
sub rsp, 32
mov [rsp], rdx ; Save out addr
mov [rsp+8], rcx ; Save in addr
mov [rsp+16], r8 ; key addr
.do:
mov [rsp + 24], r9 ; Save count
cmp r9, 2
jge .blk2
cmp r9, 1
jge .blk1
jmp .end
; One 128 block decryption
.blk1:
add rcx, 8
call GostDecrypt1x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; Restore in
mov rax, [rcx]
xor rax, r13 ; CBC
mov [rdx + 8], rax
call GostDecrypt1x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx], r13
add rdx,16
mov [rsp], rdx
add rcx, 16
mov [rsp+8], rcx
mov r9, [rsp + 24]
dec r9
jmp .do
.blk2:
add rcx, 8
call GostDecrypt2x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; Restore in
mov rax, [rcx]
xor rax, r13 ; CBC
mov [rdx + 8], rax
mov rbx, [rcx+16]
xor rbx, r10 ; CBC
mov [rdx + 24], rbx
call GostDecrypt2x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx], r13
mov [rdx+16], r10
add rdx,32
mov [rsp], rdx
add rcx,32
mov [rsp+8], rcx
mov r9, [rsp + 24]
sub r9, 2
jmp .do
.end:
add rsp, 32 ; Load out addr
RestoreRegs ; Load
ret